The Follina zero-day vulnerability exposed this week allows remote code execution on the victim's computer once the device is infected. Although Microsoft acknowledged the existence of this vulnerability a few weeks ago, it has not yet released an effective patch and has only provided a more detailed solution. Fortunately, a third-party company has provided relevant patches.
Micropatching company 0patch has released free fixes for this vulnerability for Windows 11, Windows 10, Windows 7 and Windows Server 2008 R2. The vulnerability is tracked as CVE-2022-30190 and exists in the Microsoft Windows Support Diagnostic Tool (MSDT) component of Windows.
At present, the solution officially provided by Microsoft can be described as "simple and crude": it disables the problematic component. 0patch takes a more subtle approach. In a blog post about the micropatch, Mitja Kolsek of 0patch said:
For us, disabling msdt.exe by patching it with a TerminateProcess() call is by far the simplest method. However, this would prevent the Windows diagnostic wizard from running, even for non-Office applications. Another option is to patch in Microsoft's recommendation, effectively disabling the ms-msdt: URL protocol handler.
However, if possible, we want to minimize the impact beyond the vulnerability itself, so we decided to put the patch in sdiagnhost.exe and check whether the user-provided path contains the "$(" sequence - this is necessary to inject PowerShell subexpressions. If it is detected, we ensure that the RunScript call is bypassed while the diagnostic tool continues to run.
No matter which version of Office you have installed, or whether you have Office installed at all, this vulnerability may also be exploited through other attack media. That's why we also patched Windows 7, where no ms-msdt: URL handler is registered at all.
The patch provided by 0patch applies to the following systems, including Windows 7 systems that are no longer supported:
● Windows 11 v21H2
● Windows 10 v21H2
● Windows 10 v21H1
● Windows 10 v20H2
● Windows 10 v2004
● Windows 10 v1909
● Windows 10 v1903
● Windows 10 v1809
● Windows 10 v1803
● Windows 7
● Windows Server 2008 R2
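The "$(" check that 0patch describes can also be used as a detection rule over process-creation logs. The following is an added example, not 0patch's or Microsoft's code: it inspects the msdt.exe command line rather than the path inside sdiagnhost.exe, and the event format, argument names and sample records are constructed for illustration.

```python
"""Flag msdt.exe launches whose arguments contain the "$(" sequence."""
import ntpath
from urllib.parse import unquote

MARKER = "$("  # sequence the 0patch micropatch looks for in the user-provided path

def normalize(text):
    """Percent-decode a few times so an encoded %24%28 is seen as "$("."""
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def split_image(command_line):
    """Return (lower-cased executable name, remaining arguments)."""
    cl = command_line.strip()
    if cl.startswith('"'):
        end = cl.find('"', 1)
        image, rest = (cl[1:end], cl[end + 1:]) if end != -1 else (cl[1:], "")
    else:
        # Assumption: an unquoted image path contains no spaces (true for System32).
        image, _, rest = cl.partition(" ")
    return ntpath.basename(image).lower(), rest

def is_suspicious(command_line):
    """True when msdt.exe is started with "$(" anywhere in its arguments."""
    image, args = split_image(command_line)
    return image in ("msdt.exe", "msdt") and MARKER in normalize(args)

def scan(events):
    """Return the events (dicts with a 'cmd' key) that match the rule."""
    return [e for e in events if is_suspicious(e["cmd"])]

# Constructed sample records; argument names are placeholders, not real MSDT options.
EVENTS = [
    {"id": 1, "parent": "winword.exe",
     "cmd": r'"C:\Windows\System32\msdt.exe" /constructed "path=C:\tmp\$(EXAMPLE)"'},
    {"id": 2, "parent": "explorer.exe",
     "cmd": r'C:\Windows\System32\msdt.exe /constructed path=C:\tmp\report.txt'},
    {"id": 3, "parent": "chrome.exe",
     "cmd": r'MSDT.EXE ms-msdt:/constructed%20path=%24%28EXAMPLE%29'},
    {"id": 4, "parent": "cmd.exe", "cmd": r'powershell.exe -c "$(Get-Date)"'},
]

if __name__ == "__main__":
    for event in scan(EVENTS):
        print(event["id"], event["parent"], event["cmd"])
```

A rule like this only reports launches after the fact; unlike the micropatch, it does not stop the RunScript call.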